Nuesoft Website  |  Blog Home  |  Contact Information

The exchange of lab data is included in the draft of the meaningful use criteria, but as the HIT Policy Committee workgroup heard on Tuesday, exchange of data between laboratories and electronic health record systems in practices and hospitals will be a challenge to implement on a large scale for two main reasons. One is the lack of standards – there are not even standard naming conventions for orders, let alone existing standards for data exchange. And the second reason is that varying state laws will hamper direct access to test results. Some states only permit laboratories to release results to the physician or other person that ordered the test, meaning that if a patient is referred to a specialist, the specialist would have to access the test results via the other physician rather than directly from the laboratory.

Without data standards, interfaces between lab systems and EHRs are a long way from “plug and play”, as one of the professionals that testified before the committee explained. Planning, coding and testing means most interfaces cost about $5,000 and take about three months to complete – which makes them resource- and cost-prohibitive for the smaller hospital and independent labs that actually perform the majority of lab tests in the U.S. Even if the EHR vendors foot the bill (and they often do), without proper IT resources on the lab company’s side, it can be a slow process, particularly if this same process has to happen dozens of times with each different EHR vendor.

The Policy Committee has yet to release its recommendations, but summaries of the meeting seem to point to one common-sense conclusion – that standards are required before exchange of lab data can feasibly be considered part of the definition of meaningful use. This probably comes as no surprise to most in the industry, particularly the HIT Standards Committee, which has previously met on this very subject and whose Co-Chair, Dr. Halamka, has already suggested a set of suitable standards for lab data exchange.  However, the other part of the knotty problem; how to reconcile differing privacy requirements between states, is a legal headache that may prove harder to resolve. As interoperability in health care is explored in greater depth and we move into an era in which data-sharing across state and national borders becomes ever more common, expect this issue to become an ongoing part of the dialogue.

Nuesoft Technologies Inc this week announced the winners of the fall round of its College Health Scholarship Program, which awards grants of up to $5,000 to health and counseling centers so that they can automate their operations using Nuesoft Xpress. Find out which schools were the lucky winners and read more about the scholarship program here.

As previously discussed on this blog, one of the biggest hurdles to making health IT fully interoperable is that it increases the chance of massive scale privacy breaches due to some systems being less secure than others. In the Health Information Technology for Economic and Clinical Health (HITECH) Act, Congress inserted a clause requiring that in the event of a breach, all persons whose health information was compromised must be notified. Under the regulations, not only would the care provider be required to notify their patients; a breach by the EHR vendor in turn must also be communicated to the care provider. This creates an incentive for the vendor and provider alike to ensure the highest levels of security are maintained, and ultimately should lead to vendors making their systems more secure to ensure they remain competitive in the marketplace, as the security of an EHR may now be a deciding factor in a practice’s purchase. Additionally, knowing that these safeguards exist should bolster public trust in health care technology, a necessary step given the widespread consumer concern about losing control over the privacy of personal information.

Some members of Congress were therefore concerned to read that the Breach Notification Interim Final Rule modified the legislation’s original requirement with the addition of a “harm standard”. As they wrote in their letter to Secretary Sebelius last week:

“If the breaching entity decides there is no significant risk of financial, reputational or other harm to the individual, that provider or health insurer never has to notify their patients that their sensitive health information was used or disclosed in violation of the federal privacy rule.”

Their argument is threefold; first that “risk of harm” is extremely subjective and requires self-regulation, second that it will aid consumers to make informed decisions about a health care entity based on its breach record, and third that enforcement will be simpler if the rules stay black and white.

There is another side to the argument, of course; outlined with some clarity on this health care law blog. In brief, it suggests that some of the “real world” breaches that would occur would be insignificant and relate to individual records (such as a nurse accessing the wrong patient record accidentally, seeing that it was the wrong one and closing it again immediately) and that because of how frequently this is likely to occur, it would be overly burdensome to require mandatory notification in all instances.

The question is really whether incentivizing the tightening of security standards outweighs the interests of providers, many of whom are already struggling to implement health care IT effectively in their practices. When the 60-day public comment period expires toward the end of this month, the Department of Health and Human Services will have the unenviable task of deciding between these competing priorities.

As the health care community watches the EHR meaningful use criteria take shape under the American Reinvestment and Recovery Act (ARRA), some may be wondering whether the push for more interoperable health IT systems will truly improve care and reduce costs. Skeptics might find an example of success from an unlikely source: the government.

The Federal Health Architecture, which coordinates federal efforts for national healthcare IT initiatives under the Office of the National Coordinator (ONC) for Health Information Technology, kicked off in March 2008 with a goal to achieve interoperability in government health IT operations. On board are 20 federal health agencies and 16 private sector entities that are all able to securely exchange electronic health data through the National Health Information Network ‘s CONNECT software, which is available to all states through an open source platform. Results from pilot users are starting to come in, and they look promising.

The Social Security Agency was one of the first to begin using the CONNECT network, through a partnership with Virginia’s Regional Health Information Organization, MedVirginia. Initial data has shown decreased time to determine benefits eligibility (weeks to days), faster decisions on outstanding claims, and significantly reduced administrative work and costs.

The SSA/MedVirginia partnership, and FHA in general, offer a microcosm of what health care IT might be like if HHS succeeds in its vision under the ARRA to consolidate all information exchanges relevant to electronic patient records. Currently, the Health IT Policy Committee is requiring that by 2011 EHRs include seven electronic data exchanges; including e-prescribing, lab results, clinical data summaries from provider to provider, biosurveillance, immunization registries, public health and quality measurement.

While these attempts to facilitate shared, structured data exchange may still fall short when it comes to standardizing workflow within a practice (see Nuesoft blog post highlighting the impact of technology standards on practices), the government through its efforts is giving health care a needed push down the path toward interoperability, and thus improving continuity of care and communication among providers

Hospitals and practices are concerned about the security of their patients’ information, and rightfully so. The fear of data pirates and hackers prevents many health providers from making the switch from paper records to electronic ones. However, as this Colorado hospital discovered, sticking to paper records won’t prevent the possibility of confidential patient information being compromised or stolen.

In fact, providers wanting to maximize the security of their patient information might consider that it is much easier to keep patient information secure if it is housed in digital format with proper access and audit controls. Client-server-based systems that still rely on staff backing up information on tapes are simply relocating the problem, as a rash of news stories recently has proven, but remotely hosted Internet-based systems can exceed HIPAA regulations, take care of backups in a secure data center, and protect data being transmitted between you and the server by using a secure, private platform that avoids the cluttered, public forum of the World Wide Web.

You can find out more about the differences between client-server technology and Internet-based technology here.